Re: [PATCH v3 9/9] riscv: kexec: Route normal kexec through the trampoline page table

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] The patch removes the `set_memory_x()` call in `machine_kexec_prepare()` but fails to remove the corresponding `set_memory_nx()` call in `machine_kexec_cleanup()`, leading to an unbalanced page protection modification.
--

commit 1f36a552a8c04150c5598c4bdd508c89d475252b
Author: Fangyu Yu <fangyu.yu@linux.alibaba.com>

riscv: kexec: Route normal kexec through the trampoline page table

This commit routes normal kexec through a trampoline wrapper, which drops
SATP with PC already on a PA. As a result, the relocation code now runs
entirely with the MMU off.

> diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_kexec.c
> index 71688c63af65f..82fcb84a03ec5 100644
> --- a/arch/riscv/kernel/machine_kexec.c
> +++ b/arch/riscv/kernel/machine_kexec.c
> @@ -164,9 +164,6 @@ machine_kexec_prepare(struct kimage *image)
>  		memcpy(control_code_buffer, riscv_kexec_relocate,
>  			riscv_kexec_relocate_size);
>  
> -		/* Mark the control page executable */
> -		set_memory_x((unsigned long) control_code_buffer, 1);
> -

[Severity: Medium]
By removing this set_memory_x() call here, does machine_kexec_cleanup()
now have an unbalanced set_memory_nx() call?

Looking at machine_kexec_cleanup() in arch/riscv/kernel/machine_kexec.c:

void
machine_kexec_cleanup(struct kimage *image)
{
	...
	control_code_buffer = page_address(image->control_code_page);
	set_memory_nx((unsigned long)control_code_buffer, 1);
}

Since __set_memory() unconditionally splits the linear mapping on RISC-V,
will leaving this set_memory_nx() call permanently shatter direct map huge
pages down to 4KB PTEs every time a non-crash kexec image is unloaded or
fails to load?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260604132418.15725-1-fangyu.yu@linux.alibaba.com?part=9